WordPress FPW Category Thumbnails plugin <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin FPW Category Thumbnails versions = 1.9.5...

WordPress BirdSeed plugin <= 2.2.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BirdSeed versions = 2.2.0...

WordPress FlexTable plugin <= 3.24.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin FlexTable versions = 3.24.0...

WordPress Export WP Page to Static HTML/CSS plugin <= 6.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Export WP Page to Static HTML/CSS versions = 6.0.0...

WordPress Receive Notifications After Form Submitting – Form Notify for Any Forms plugin <= 1.1.10 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Receive Notifications After Form Submitting – Form Notify for Any Forms versions = 1.1.10...

WordPress Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation vulnerability

Missing Authorization to Unauthenticated Rollback Cancellation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Total Upkeep versions = 1.17.1...

WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Rescue Shortcodes versions = 3.3...

WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin HAPPY versions = 1.0.10...

WordPress WP Docs plugin <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'wpdocsoptionsiconsize' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Docs versions = 2.2.9...

WordPress ProSolution WP Client plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess vulnerability

Unauthenticated Arbitrary File Upload via proSolfileUploadProcess vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin ProSolution WP Client versions = 1.9.9...

WordPress DSGVO Google Web Fonts GDPR plugin <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability

Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin DSGVO Google Web Fonts GDPR versions = 1.1...

WordPress Debugger & Troubleshooter plugin <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability

Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Debugger & Troubleshooter versions = 1.3.2...

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin = 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin JS Help Desk versions = 3.0.4...

WordPress Quentn WP plugin <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability

Unauthenticated SQL Injection via 'qntnwpaccess' Cookie vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Quentn WP versions = 1.2.12...

WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Terms Popup versions = 2.10.0...

WordPress Petitioner plugin <= 0.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Petitioner versions = 0.7.3...

WordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPVulnerability versions = 4.2.1...

WordPress Nexa Blocks plugin <= 1.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Nabil Irawan in WordPress Plugin Nexa Blocks versions = 1.1.1...

WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.2.2...

WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin avalex versions = 3.1.3...